- From: Mitsutoshi Aoe <
>
- To:
- Subject: [chef] Re: Re: Different data_bags in production and test-kitchen
- Date: Fri, 21 Feb 2014 09:47:19 +0900
Hi Lamont,
The sudo cookbook worked. I ended up having to specify existing
privileged users and groups like this:
include_recipe "sudo"
sudo "root" do
user "root"
runas "ALL:ALL" # instead of just ALL
end
sudo "sudo" do
group "sudo"
runas "ALL:ALL"
end
sudo "vagrant" do
user "vagrant"
nopasswd true
only_if { Etc.getpwnam('vagrant') }
end
I was rather opposed to writing vagrant-aware recipes. Probably I was
just too paranoid in this case.
Thanks,
Mitsutoshi Aoe
2014-02-21 3:49 GMT+09:00 Lamont Granquist
<
>:
>
On 2/19/14 9:47 PM,
>
>
wrote:
>
>
>
> Hi, I'm using test-kitchen with vagrant, and having trouble with the users
>
> cookbook from opscode.
>
>
>
> Suppose we have a bunch of 'users' data bag items and some of them have
>
> 'sudo'
>
> in the array of groups. If we have a recipe that has users_manage "sudo",
>
> kitchen converge removes the vagrant user from sudo group because we don't
>
> have
>
> the vagrant user in our data_bags.
>
>
>
> I could come up with a few work arounds:
>
>
>
> A. Add vagrant user in our data_bags
>
> B. Modify our cookbook so that users_manage "sudo" runs if it's not in
>
> Vagrant
>
>
>
you can 'detect' running on vagrant by looking for the presence of the
>
vagrant user:
>
>
sudo "vagrant" do
>
user "vagrant"
>
only_if { Etc.getpwent("vagrant") }
>
end
>
>
this kind of arbitrary-probe-state-and-then-take-action pattern is one of
>
the reasons why
>
pushing ruby code down to the server under management is really powerful.
Archive powered by MHonArc 2.6.16.